So I came to the conclusion that to increase maintainability and extensibility of the programs and projects that I still update (some more frequently, others less), I need to rework their code.

As I prefer my principle of the least technological requirements, I am still not sure whether to stick with .Net 2 for my WinForms apps, or whether .Net 4 is already acceptable (i.e. does not require the user to separately install specific versions of .Net).

“The Cloud” and Cloud Computing in general are the latest hype in IT. However, the news that made the headlines in recent months give cause to worry.

As you put your data into the cloud, how will you regain control over the data again? Who else has access to your data? What happens to your data once the cloud infrastructure fails, and who is responsible (under what terms) to restore data and your access?

Just a couple of news articles on recent outages and privacy failures:

Wikipedia (Aug ’12)

Conclusion

With the cloud, you don’t own anything. You already signed it away. I want to feel that I own things […] A lot of people feel, ‘Oh, everything is really on my computer,’ but I say: the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.

There are alternatives though, such as Owncloud and OpenNebula. So why not give them a try?

Just a couple of days after I removed the BKA ransomware virus from a friend’s laptop, the laptop got infected again. The result looked the same, a seemingly official warning that law enforcement detected illegal files or images on the PC, and that the machine would be unlocked after payment of a certain amount of money via payment providers.

This time, however, it was not possible to remove the virus so simply, as the symptoms were different:

no msconfig.dat

a hellomoto directory under \Users\****\AppData\Roaming\

the \Users\****\AppData\Local\Microsoft\Windows\ directory contains a directory named 3 or 4 digits with an executable inside

The German-language forums trojaner-board.de and botfrei.de already contained a couple of threads (here, here, here) mentioning these symptoms, but provided no help for removing them, with reformatting and re-installing as the only solution.

A friend of mine caught the so-called BKA Trojan, and asked me to help him remove it.

This trojan makes using Windows impossible, as it displays an official-looking statement (see sample) if connected to the Internet, and only a white empty desktop if not connected, and does not allow any user action. The only way to revert to normal is supposedly by sending money using PaySafeCard or Ukash.

The warning page (which is full of typos, even in the heading: “Investignation”) lists a couple of possible Internet crimes that have been committed and caused the “computer” to be locked by law enforcement, and unlocking is as easy as sending 100€ via the linked payment providers.

What to do?

We started Windows in command-line safe mode and started msconfig to find suspicious start-up entries, unfortunately without any obvious success.

By cd’ing and dir’ing around we found the date and time the infection took place. The temp directory C:\Users\[username]\AppData\Local\Temp contained an executable with a “funny” name (5628386cos7655422.exe), an HTML file and a couple of images.

Some removal tips mention the Shell setting in the registry, and we had another look using regedit (which can also be called from the win7 command line boot).

This seemed suspicious, as it should only contain “explorer.exe”, and nothing more.

In Explorer, I dragged the file into Notepad (size 47.104 bytes), and found that it contained the MZ and PE headers (wiki, SO), a clear sign that it was not an innocent data file, but an executable.

The next steps were pretty straight-forward: clean the Shell key to read “explorer.exe” only, remove the msconfig.dat, and reboot back to normal.

Surprisingly, the Trojan does not seem to contain any sophisticated survival code (such as copying itself all over the boot disk, planting several hooks in the registry, run a watchdog, etc) – things that can make malware removal a nightmare.

Everybody who has been programming for a while hopefully has found their favorite programming language(s), framework(s) and tools. From my Category Cloud, you can easily find out where I feel most fluent and comfortable, and the “comfort zones” are constantly evolving and/or changing. (I should really add ASP.Net MVC and JavaScript to that list 😉 )

Going hand in hand is the tendency of avoiding other languages, etc., due to lack of knowledge, experience, or because they are considered technically inferior. Recently, I came across a couple of pages bashing PHP, such as on Coding Horror (again!) referring to this blog which analyses the shortcomings of that language.

I guess, while this criticism will have no impact on Real PHP Programmers ™, it should certainly influence people evaluating other languages to avoid it, since the technical reasons NOT to start a PHP project seem overwhelming. (this here deals with “loose comparison“, as documented on PHP.net, and compared to Perl)

So is PHP special? Let’s ask Google:

language + “bashing”

hist

PHP bashing

8.500.000

td>VB.Net bashing

3.200.000

Powershell bashing

3.000.000 *

VisualBasic bashing

2.300.000

Delphi bashing

1.600.000

C# bashing

1.300.000

JavaScript bashing

1.200.000

VBA bashing

600.000

Java bashing

600.000

VB bashing

500.000

Powershell reports 3 million hits, but from the first look that’s mostly due to comparisons of Powershell with Bash and other shells.

Let’s have a look at databases

database + “bashing”

hist

MySQL bashing

3.000.000

Oracle bashing

500.000

SQL Server bashing

300.000

MySQL, SQLite, and Postgres are difficult to compare, again because of references to Bash shell programming.

Superficially judging from the numbers, I think we have a winner, though.